I've been out of grad school just less than a year and have been a professional web programmer (mostly .NET) for about 1+ years now. Some exposure to my company's IDS, network security, and my own experiences in developing more secure web apps got me into the penetration testing/IT security field. Over the past few months, I built my own home security lab to experiment with and pretty much self-taught a large number of security topics through the internet and various textbooks. I ended up getting my CCNA and Security+.

Not even a year out of school I'm already looking to change my career. My company is somewhat small and really has no need for a devoted security professional, and all that stuff is handled by our admins. I'm looking for a way to get started, but do I really have to start from scratch as an IT helpdesk?

What types of positions, if any, are open to someone like me? Professional experience as a web developer, certs, but no actual experience in the industry?

It is pretty tough to get your foot in the door unless you have a good background in different operating systems (Linux really helps) and networking. If you are doing a lot of self-study, there are many open source and free security tools on which you can get hands-on experience. Some of the tools I use on a daily basis include nmap, tcpdump and Sysinternals. Free applications I use also include Snort, Splunk, Nessus, OSSEC, Metasploit, NetWitness Investigator and Cain. Having experience with these shows initiative and I think that counts for a lot when we are interviewing.

I thought about going back for a graduate certificate in information assurance or maybe another Master's, but in Information Assurance (I have an MS in Comp Engineering but specialized mostly in Comp Sci/Programming). I thought about doing this part-time until I can get an internship/job that would help fund my tuition.

Would my chances for an entry-level position, such as an information security analyst, be better as a graduate student if I went the school route? I am also assuming my background as a web programmer isn't going to help much in the future.

You're welcome. I think you're definitely on the right track, and landing an entry-level job in security would be easier with a degree. We have an active thread going on this board right here, and I noticed some of the guys have suggested getting a degree to advance further into the field; picking up some certifications while you're at it makes your resume look good too!

I think having web programming experience is a plus where you're at; you may pick up on web application penetration testing more quickly than others since you've actually written code. I think since you have a good background with programming, it'll help out in areas like when you're learning scripting techniques, exploitation, SQL injection, etc. Having the programming degree could work as a plus when trying to make a transition over into the field ;) Don't count yourself out, man.

Last edited by KrisTeason on Wed Mar 24, 2010 2:02 am, edited 1 time in total.